创建k8s单独命名空间token账号

创建k8s单独命名空间token账号,编辑ns-test1.yaml文件

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-ns-test1
  namespace: ns-test1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dashboard-ns-test1
  namespace: ns-test1
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get","list","watch","exec","create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-ns-test1
  namespace: ns-test1
subjects:
  - kind: ServiceAccount
    name: dashboard-ns-test1
    namespace: ns-test1
roleRef:
  kind: Role
  name: dashboard-ns-test1
  apiGroup: rbac.authorization.k8s.io

执行生效

kubectl apply -f ns-test1.yaml

获取token,编辑get-token.sh文件

namespacename=$1
if [ "" == "$namespacename" ];then
  echo "namespacename is null"
elif [ "admin" == "$namespacename" ];then
  kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-$namespacename | awk '{print $1}')
else
  kubectl -n $namespacename describe secret $(kubectl -n $namespacename get secret | grep dashboard-$namespacename | awk '{print $1}')
fi

执行get-token.sh生效

sh get-token.sh ns-test1

给TA买糖
共{{data.count}}人
人已赞赏
k8s编排文件

k8s中yaml编排文件暴露多个端口

2021-5-13 11:09:03

k8s编排文件

k8s-1.18.x创建dashboard管理员token

2021-5-18 11:50:25

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
今日签到
有新私信 私信列表
搜索